Re: MonkeyShell: using XML-RPC for access to a remote shell

• Previous message: Russ: "Re: Windows Update Issue"
• In reply to: Abe Usher: "MonkeyShell: using XML-RPC for access to a remote shell"
• Next in thread: Darryl Luff: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Mon, 11 Oct 2004 16:34:59 +0100
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

So lets think about this. You write a web service to specifically allow
access to the shell.

> Of course to really understand the security risks posed by Web
> services,
> you need to understand the basics of Web services. Enter an application
> I wrote called "Monkey Shell."

Surely this is proving the security risks of running any type of unknown
software rather than being limited to showing a problem with web services.
If you bound telnet to port 80 would that should a problem with HTTP? No of
course not.

Now I'll grant you that if you're protocol sniffing on well known ports a
rebinding of telnet would get caught, but heck you could write a remote
shell which used straightforward HTTP posts if necessary, it doesn't take
web services to do that.

Or am I missing something obvious here?

--
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--

• Previous message: Russ: "Re: Windows Update Issue"
• In reply to: Abe Usher: "MonkeyShell: using XML-RPC for access to a remote shell"
• Next in thread: Darryl Luff: "Re: MonkeyShell: using XML-RPC for access to a remote shell"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (NT-Bugtraq) MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Pen-Test) [Full-Disclosure] MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Full-Disclosure) [fw-wiz] MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (Firewall-Wizards) MonkeyShell: using XML-RPC for access to a remote shell ... Security pundits have been warning about the dangers implicit with Web ... Of course to really understand the security risks posed by Web services, ... I wrote called "Monkey Shell." ... MonkeyShell is a simple open source Python application that uses ... (FreeBSD-Security)